Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 11692 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with email notification, EmailNotifierEmailE (SMTP sender refused)

stefanoantonelli

Dear All,

having configured licensed Sophos AV (9.11.0 - 3.63.0 - 5.23)

on a linux server (CentOS Linux release 7.2.1511;  kernel release 3.10.0-327.4.4.el7.x86_64)

EmailNotifier: true
EmailServer: our_smtp_server:25
NotifyOnUpdate: true

NotifyOnUpdateCheck: true (to test notifications)

EmailSender: sophos-av@myserver.mydomain.fake

I'm not able to get notification mails from the server. The smtp-log file says "SMTP sender refused sophos-av@myserver.mydomain) and I find all the unsent mails in /opt/sophos-av/var/spool (e.g 2016-01-27.14-34-14.eteXY4 and 2016-01-27.14-34-14.eteXY4.lock)

I've tried both sendmail and postfix and I get the same error. I manage to telnet our smtp server on port 25 and I'm able to send mail from CLI even with the same EmailSender set for sophos.

I've two other servers which work, sending notifications: one on the same subnet with CentOS 6.7, kernel 2.6.32-573.12.1.el6.x86_64, sophos 9.11.0 - 3.63.0 - 5.23, sendmail and the other one on another net with CentOS 6.7, kernel 2.6.32-573.12.1.el6.x86_64, sophos 9.11.0 - 3.63.0 - 5.23, postfix.

I'm not able to debug this trouble; may it be due to CentOS release and/or kernel version or am I missing any configuration parameter?

Thank you, cheers

stefano



This thread was automatically locked due to age.
Parents
  • 0

    Hello stefano,

    perhaps a minor typo (apart from the little discrepancy I've observed: sophos-av@myserver.mydomain.fake vs. refused sophos-av@myserver.mydomain)? What do the logs on our_smtp_server say (isn't it the one refusing the sender)?

    Christian

  • 0 in reply to QC
    Hello Christian,
    thank you for your reply;

    the discrepancy is only in the message I wrote and not in the conf file. I just add fake names as hostname/domain.

    About log on our smpt_server: I don't see anything, I suppose because the mail doesn't arrive there (I find all the mail on the server with installed sophos in /opt/sophos/var/spool/ (mail in xml format and lock file).
    On the smtp_server I find only the mails I send from the "sophos server" from CLI assuring me that the connection postfix/sendmail with smtp_server is working.
    In the /opt/sophos/log/smtp.log-2016-01-27 I see this errors:

    15:43:26 (29407): SMTP sender refused sophos-av@the_name_I_choose
    15:43:26 (29407): Failed to process 2016-01-27.15-43-26.bCGtuz - 1

    and I see that the string "SMTP sender refused" comes from the file /opt/sophos-av/engine/_/sendEmail.0 but it's a python 2.7 compiled and I'm not able to debug this anymore.

    Thank you
    cheers
    stefano
  • 0 in reply to stefanoantonelli

    Hello stefano,

    log on our smpt_server
    of course what is logged and where depends on the software and its configuration but normally negative replies are logged. "SMTP sender refused" comes from ... a python I'm pretty sure this is sendEmail's way of telling us it has received a negative reply (4xx or 5xx) on the MAIL FROM command.(don't ask me why it apparently doesn't quote the reply it has received - but then it's assumed that you know what the upstream SMTP accepts and what not). If you can't find the relevant log on your_smtp_server you could trace what's transmitted and the actual reply using Wireshark or even a small netcat (nc) proxy. The full "dialogue" will hopefully give a hint where to look.

    Christian 

  • 0 in reply to QC
    Hello Christian,

    thank you because you pointed the right way;

    yes :-), there was some log on the smtp server and it told me that I put the wrong EmailSender with savconfig (alas! my fault). As soon as I corrected this, all the emails in /opt/sophos/var/spool/ have been sent!

    Beside...I've noticed even (alas again!) that, as name of the domain, I put the name of a server in the Email field...my fault again (of course, the mails where waiting queued on the smtp server...removed).

    So...the only guilty was me! Now things are working.

    thank you again and sorry for the loss of time
    cheers
    stefano
Reply
  • 0 in reply to QC
    Hello Christian,

    thank you because you pointed the right way;

    yes :-), there was some log on the smtp server and it told me that I put the wrong EmailSender with savconfig (alas! my fault). As soon as I corrected this, all the emails in /opt/sophos/var/spool/ have been sent!

    Beside...I've noticed even (alas again!) that, as name of the domain, I put the name of a server in the Email field...my fault again (of course, the mails where waiting queued on the smtp server...removed).

    So...the only guilty was me! Now things are working.

    thank you again and sorry for the loss of time
    cheers
    stefano
Children
No Data
Unfiltered HTML